auth-shield
v1.0.0
Role based Authentication System for Express
AuthShield
A simple role based authentication system
Installation
npm i auth-shield
How it Works
- There is a set of permissions and a set of roles
- One object maps each role to its permissions
- A middleware gets the role from req.role or req.user.role and checks whether that role has the required permission
- If it does, next() is called
- If not, it responds with a 403 status code
Note: You have to set a role field in your model. If you use JWT, you have to sign the role information, and the role name in the database must exactly match the auth-shield role name.
Setup
1) Require and call the AuthShield function, and store the return value
const {AuthShield} = require("auth-shield")
const shield = AuthShield() // name the variable as you wish
2) Add all the roles you have in your database model
shield.addRole(["user","vendor","admin"]) // added user, vendor and admin to the role list
3) Add all the permissions you want to use
shield.addPermission(["sell","buy","ban"]) // added sell, buy and ban to the permission list
4) Grant the permissions to the roles
shield.givePermission("user",["buy"]) // user can now pass routes protected by the buy permission
shield.givePermission("vendor",["sell"]) // vendor can now pass routes protected by the sell permission
shield.givePermission("admin",["ban"]) // admin can now pass routes protected by the ban permission
5) Now secure the routes with permissions
Note: use a middleware to set the role in req.role or in req.user.role
- protect the /buy route with the 'buy' permission
- protect the /sell route with the 'sell' permission
- protect the /ban route with the 'ban' permission
router.post("/buy", YourMiddleware, shield.validatePermission("buy") , buyController)
router.post("/sell", YourMiddleware, shield.validatePermission("sell"), sellController)
router.put("/ban", YourMiddleware, shield.validatePermission("ban"), banController)
done ✅
Other useful methods
Log everything
shield.status() // console.log all the data held in the auth-shield system
Log the role and permission lists
shield.getRoleList() //return role list here : ["user", "vendor", "admin"]
shield.getRoleList(true) // return role list with console log
shield.getPermissionList() //return permission list here : ["buy", "sell", "ban"]
shield.getPermissionList(true) //return permission list with console log
Check if a role or permission exists
shield.existRole("vendor") // true if it exists, else false; here: true, as the vendor role exists
shield.existRole("seller", true) // also logs the result; here: false, as no seller role exists
shield.existPermission("read") // true if it exists, else false; here: false, as no read permission exists
shield.existPermission("sell", true) // also logs the result; here: true, as the sell permission exists
shield.getPermissionRoleMap() // return role and permission map as Object
shield.getPermissionRoleMap(true) // log the result
Check which roles have a permission
shield.getRoleWithPermission("sell") // result : ["vendor"]
shield.getRoleWithPermission("sell", true) // will log result in the console
Check the permissions of a role
shield.getPermissionOf("user") // result : ["buy"]
shield.getPermissionOf("user", true) // will log the result in the console
CRUD permissions and roles
shield.addRole("support") // added the support role to the role list
shield.renameRole("user","customer") // the user role is now renamed to customer
shield.deleteRole("support") // deletes support from the role list and removes all permissions of this role
shield.addPermission(["read-user-data","delete-product","add-product"]) // added permissions to use
shield.givePermission("admin",["read-user-data","delete-product"]) // granted admin these permissions
shield.removePermission("admin",["read-user-data"]) // removed the permission from admin, not from the permission list
shield.deletePermission(["delete-product","add-product"]) // removes these permissions from both the roles and the permission list
Reset the permission list and role list
shield.resetPermissionList() //reset permission list
shield.resetRoleList() //reset role list